
Toyah Tyler (SC Cleared)

Manchester

Summary

Microsoft Office 365/Azure Security Expert with strong customer service, security, and professional orientation. Have migrated over 50k devices across Symantec, Trend, McAfee, and Trellix for a number of public and private organizations across the globe. Understand the processes involved in migrating to Defender, from planning, building an MVP, proof of concept (PoC), and automation of processes to onboarding and pen-testing. Have created several simulations to validate that Defender is activated across endpoints and reporting correctly in the Defender XDR tool, as well as trying to jailbreak Defender and its tamper protection capability.

Have also worked with Defender for Endpoint, Identity, Cloud, Office 365, and Cloud Apps, plus the integration of various logs and datasets into Sentinel, as well as using Sentinel to create workbooks and playbooks and to parse and interrogate data to triage incidents, leveraging a number of cybersecurity frameworks such as MITRE ATT&CK and the NIST framework.

I have also set up SOC teams from scratch into Red/Blue/Purple teams and built a RACI to provide an effective support model for Defender & the SOC team.

Overview

3 years of professional experience

Work History

Defender Stack (MDE, MDO, MDI, MDC)

Serco Global Services
01.2023 - 01.2024
  • Enabling Azure Defender on subscriptions to protect our Azure and hybrid resources, and to protect management ports of VMs with just-in-time and adaptive application controls.
  • Automating removal of other AV products across the estate and consolidating on Defender for Endpoint and Defender for Cloud.
  • Creating Defender Firewall rules and exclusions.
  • Creating Ansible Scripts to remove AV products from Servers
  • Evaluating and monitoring Defender XDR tool for incidents and alerts
  • Removal of Carbon Black High Enforcement and replacing it with Windows Defender Application Control (WDAC).
  • Performing a discovery of environment and designing a technical onboarding process for their Azure/O365 tenants.
  • Intune Endpoint Manager, Identity protection, Conditional access, O365 ATP, Azure ATP, RBAC.
  • Integrating Salesforce, Workday and other SaaS application REST APIs with Microsoft Cloud App Security to manage and enforce DLP policies over our sensitive data.
  • Leveraging passwordless authentication to mitigate the risk of password attacks from privileged accounts and enabling MFA on accounts which are not capable of having passwordless authentication.
  • Azure/O365 security center – Compliance manager i.e., Azure Benchmark, CIS, O365/Azure GDPR, NIST 800-53.
  • Protecting virtual machine data by using Azure Disk Encryption (ADE), which uses BitLocker for Windows VMs and DM-Crypt for Linux VMs.
  • Leveraged Azure Sentinel to integrate Azure Security Center, Azure AD, Firewalls, MCAS, F5, Symantec Endpoint Security, Nessus scanner for vulnerability scans, authenticated and unauthenticated scans for newly built servers, O365 ATP, Windows Defender, Microsoft ATP and third-party security tools like Symantec EP.
  • Set up and configured Endpoint Protection ATP, EXO ATP policies and Email Security; implemented post-breach defense with ATA, DLP, Mail flow, Information governance, AIP and SIEM.
  • Microsoft Endpoint Manager: Intune, MDM & MAM, i.e., device enrollment, device configuration, device security, Conditional Access policy and device compliance.

Defender Subject Matter Expert

Curo Global Services - AllenOvery, Sainsburys Bank
02.2022 - 01.2023
  • Developed a POC for Defender for Application Control, Exploit & Credential Guard
  • Deployed Defender SmartScreen across Edge Browsers
  • Evaluated an MsSense Defender service issue and provided a workaround for crashes and buffer overflow
  • Mapped out data flow across datasets from endpoints to the Defender portal
  • Leveraged Defender Device Discovery to evaluate the state of play across tenants' devices
  • Used Qualys vulnerability recommendations to resolve and triage issues
  • Worked on Alerts and incidents generated across Defender stack to provide ongoing support
  • Helped client navigate their journey to the cloud on the Microsoft Office 365 and Enterprise Mobility and Security Platforms (EMS).
  • Designing and deploying Microsoft Defender ATP through InTune/Config Manager.
  • InTune configuration policies, baseline policies, GPO, and restrictions policies.
  • Azure Active Directory deployment/educating client on best Azure AD licensing for project.
  • Designed and developed cloud-specific security policies, standards, and procedures e.g., O365 Tenant management and configuration, identity management and access control, firewall management, auditing and monitoring, security incident and event management.
  • Provided internal technical training to Advisory personnel as needed.
  • Provided technical support for O365 services and resolved service-related issues through research, troubleshooting and working with Microsoft.
  • Configured and deployed MFA, SSO, MIM, PIM, PAM.

M365 Defender

Microsoft
10.2021 - 02.2022
  • Helped design and deploy Microsoft Security stack i.e., MCAS, Microsoft Information Protection, Azure Sentinel, Microsoft Defender for Identity, Microsoft 365 Defender, Defender for Endpoint and Azure Lighthouse.
  • Configured Defender Advanced Features CIs
  • Provided an analysis of Defender Plan 1 & Plan 2 and which fits the state of play at the organization whilst enunciating the benefits of all of Defender capabilities.
  • Developed SOC processes and procedures
  • Developed Defender Kusto Query Language (KQL) queries to parse and extrapolate data from endpoints.
  • Designed and developed the roadmap for Defender at Technical Design Authority.
  • Onboarded Azure Sentinel to receive logs from data sources, detected previously undetected threats, investigated threats with artificial intelligence and responded to incidents rapidly using playbooks and KQL queries.
  • Set up and configured Microsoft Defender for Endpoint and Exchange Online Protection; implemented Microsoft Defender for Identity.
  • Implemented Data Loss Prevention (DLP), encryption, identity and access management, multi-factor authentication, endpoint protection.
  • Engineered, tested, documented and deployed security administration in the O365/Azure cloud environment.
  • Designed and deployed Azure Active Directory, performed offline AD security assessments, and prepared and delivered remediation plans.
  • Configured and monitored sign-ins and audit logs; enforced MFA and Privileged Identity Management (PIM) principles.

M365 Cloud Security Consultant - Defender

Infosys Technologies
08.2020 - 10.2021
  • Created configuration of Defender CIs on Intune, Group Policy and SCCM
  • Deployed Defender and removed Symantec across 30k devices globally
  • Investigated Defender EDR Block Mode
  • PowerShell tooling to validate Defender Extensions across Azure Servers
  • Presented the Defender stack high-level design to the Steering Board
  • Developed procedures to support service desk techs, and created and updated SOPs, crib sheets and FAQs to help with supporting end users.

Education

Master of Science - Business Administration

University of Wales
Cardiff, United Kingdom

Skills

  • Defender for Endpoint (MDE), Defender for Identity (MDI), Defender for Cloud (MDC), Defender for Cloud Apps (MCAS), Defender for Office365 (MDO), Intune Endpoint Manager, Mobile Application Management (MAM), Azure Benchmark, Identity & Access Management (IAM), Zero Trust, Microsoft Information Protection, Cloud App Security (MCAS), Azure Active Directory (AAD), Data Loss Prevention (DLP), Microsoft Defender, O365, Enterprise Mobility and Security
  • SIEM, SOAR, XDR, Cloud Security Posture Management, Sentinel, LightHouse
